Login failed due to multiple records in {auth_oidc_token} #3005
Description
Users report login failure, which is caused by multiple records in {mdl_auth_oidc_token}
User-facing error:
Login failed for user 'user1'. Most likely the password did not match (error ID '3’).
The error from error.log in debug mode:
[Wed Jan 14 08:59:53.673572 2026] [php7:notice] [pid 1815475] [client 83.71.147.163:48689] PHP Notice: Error: mdb->get_record() found more than one record!<ul style="text-align: left" data-rel="backtrace"><li>line 1980 of /lib/dml/moodle_database.php: call to debugging()</li><li>line 1940 of /lib/dml/moodle_database.php: call to moodle_database->get_record_sql()</li><li>line 1913 of /lib/dml/moodle_database.php: call to moodle_database->get_record_select()</li><li>line 158 of /auth/oidc/classes/loginflow/authcode.php: call to moodle_database->get_record()</li><li>line 200 of /auth/oidc/auth.php: call to auth_oidc\\loginflow\\authcode->user_login()</li><li>line 4744 of /lib/moodlelib.php: call to auth_plugin_oidc->user_login()</li><li>line 479 of /auth/oidc/classes/loginflow/authcode.php: call to authenticate_user_login()</li><li>line 291 of /auth/oidc/classes/loginflow/authcode.php: call to auth_oidc\\loginflow\\authcode->handlelogin()</li><li>line 118 of /auth/oidc/classes/loginflow/authcode.php: call to auth_oidc\\loginflow\\authcode->handleauthresponse()</li><li>line 168 of /auth/oidc/auth.php: call to auth_oidc\\ in /opt/vhosts/training.exampledomain.com/www/server/lib/weblib.php on line 3513, referer: https://login.microsoftonline.com/ [Wed Jan 14 08:59:53.673712 2026] [php7:notice] [pid 1815475] [client 83.71.147.163:48689] [client 83.71.147.163] https://learning.exampledomain.com Failed Login: user1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 Edg/143.0.0.0, referer: https://login.microsoftonline.com/ [Wed Jan 14 08:59:53.679464 2026] [php7:notice] [pid 1815475] [client 83.71.147.163:48689] Default exception handler: There was a problem logging you in. Please contact your administrator for assistance. Debug: 2\nError code: errorauthgeneral\n* line 485 of /auth/oidc/classes/loginflow/authcode.php: moodle_exception thrown\n* line 291 of /auth/oidc/classes/loginflow/authcode.php: call to auth_oidc\\loginflow\\authcode->handlelogin()\n* line 118 of /auth/oidc/classes/loginflow/authcode.php: call to auth_oidc\\loginflow\\authcode->handleauthresponse()\n* line 168 of /auth/oidc/auth.php: call to auth_oidc\\loginflow\\authcode->handleredirect()\n* line 31 of /auth/oidc/index.php: call to auth_plugin_oidc->handleredirect()\n, referer: https://login.microsoftonline.com/
There are indeed multiple entries in {mdl_auth_oidc_token}:
mysql> select username, count(username) from mdl_auth_oidc_token group by username having count(username) > 1;
+----------+-----------------+
| username | count(username) |
+----------+-----------------+
| user1 | 2 |
| user2 | 2 |
| user3 | 2 |
+----------+-----------------+
3 rows in set (0.00 sec)
A few things to mention here:
- there's no unique constraint on username in {mdl_auth_oidc_token} while get_record() expect a unique value
- what's way worse is that the actual error is NOT reported in the "minimal" debug Moodle setting, one needs to enable the full debug mode and only then see the multiple entries error, please appreciate how difficult it is to debug it in a production Moodle for a corporate client